[Cryptography] Key escrow scheme

Jack N. j.a.w.n at tutanota.com
Sun Apr 9 13:51:51 EDT 2017


9. Apr 2017 15:06 by phill at hallambaker.com:


> On Sat, Apr 8, 2017 at 2:01 PM, Harlan Lieberman-Berg <hlieberman at setec.io> wrote:
>
>> Phillip Hallam-Baker <phill at hallambaker.com> writes:
>> > Making such a scheme usable is somewhat tricky because we would want to
>> > make the shares used to secure the key to be as small as possible for
>> > convenience which indicates 128 bit work factor for the master key.
>>
>> Why not simply use Shamir's Secret Sharing?  The security properties are
>> much stronger (SSS is information-theoretic secure such that a (k,n)
>> construction reveals no information with k-1 shares known).  The size is
>> fairly minimal too; IIRC, each share is no larger than the key itself
>> (thus, the total construction is n*bit size).
>>
>
> I am using Shamir Secret Sharing. But that only gets you from a set of key shares to a master secret. You still have to get from the master secret to the encryption key.
> If you use 256 bits for the master key you end up with 256 bit shares.

Couldn't the SSS shares reconstruct the master secret, which is the encryption key?

The master secret needn't be another step removed from the shares.

If you use 256 bits for the master key you don't end up having to have 256-bit shares, or did you mean 256 shares?

But I believe the normal approach to solving the problem I think you are trying to solve is to use asymmetric encryption, where the secret shares reconstruct the asymmetric private key info. Though I fear you may have the same problem again if you have a fundamental misunderstanding of Shamir sharing and prime secret size.

Could the bottom post of this thread help, perhaps?

https://crypto.stackexchange.com/questions/39970/shamirs-secret-sharing-scheme-prime-security